forked from CCCHH/nix-infra
June
68f11ad955
Do this to be able to update the moderation bot and because the security issues apparently aren't real world exploitable: https://matrix.org/blog/2024/08/libolm-deprecation/
36 lines
1 KiB
Nix
36 lines
1 KiB
Nix
# Sources for this configuration:
|
|
# - https://github.com/matrix-org/mjolnir/blob/main/docs/setup.md
|
|
# - https://github.com/matrix-org/mjolnir/blob/main/config/default.yaml
|
|
|
|
{ ... }:
|
|
|
|
{
|
|
# Allow deprecated, apparently somewhat insecure libolm to be able to update
|
|
# the moderation bot.
|
|
# The security issues aren't real world exploitable apparently:
|
|
# https://matrix.org/blog/2024/08/libolm-deprecation/
|
|
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
|
|
services.mjolnir = {
|
|
enable = true;
|
|
homeserverUrl = "https://matrix.hamburg.ccc.de";
|
|
managementRoom = "#moderation-management:hamburg.ccc.de";
|
|
settings = {
|
|
verboseLogging = false;
|
|
};
|
|
pantalaimon = {
|
|
enable = true;
|
|
username = "moderation";
|
|
passwordFile = "/run/secrets/matrix_moderation_user_password";
|
|
options = {
|
|
ssl = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
sops.secrets."matrix_moderation_user_password" = {
|
|
mode = "0440";
|
|
owner = "mjolnir";
|
|
group = "mjolnir";
|
|
restartUnits = [ "mjolnir.service" ];
|
|
};
|
|
}
|